idnits 2.17.1 draft-ietf-tsvwg-addip-sctp-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1.a on line 24. -- Found old boilerplate from RFC 3978, Section 5.5 on line 1443. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 1420. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 1427. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 1433. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement. ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: This document is an Internet-Draft and is subject to all provisions of Section 3 of RFC 3667. By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** The document seems to lack separate sections for Informative/Normative References. All references will be assumed normative when checking for downward references. ** There are 2 instances of too long lines in the document, the longest one being 1 character in excess of 72. ** The abstract seems to contain references ([RFC2960]), which it shouldn't. Please replace those with straight textual mentions of the documents in question. == There are 4 instances of lines with non-RFC6890-compliant IPv4 addresses in the document. If these are example addresses, they should be changed. == There are 3 instances of lines with private range IPv4 addresses in the document. If these are generic example addresses, they should be changed to use any of the ranges defined in RFC 6890 (or successor): 192.0.2.x, 198.51.100.x or 203.0.113.x. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 1004 has weird spacing: '...er will treat...' == The document seems to lack the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. (The document does seem to have the reference to RFC 2119 which the ID-Checklist requires). == Using lowercase 'not' together with uppercase 'MUST', 'SHALL', 'SHOULD', or 'RECOMMENDED' is not an accepted usage according to RFC 2119. Please use uppercase 'NOT' together with RFC 2119 keywords (if that is what you mean). Found 'SHOULD not' in this paragraph: R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some circumstances an ASCONF-ACK may exceed the path MTU and in such a case IP fragmentation should be used to transmit the chunk. -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (June 7, 2005) is 6896 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Looks like a reference, but probably isn't: 'RFC2960' on line 50 == Unused Reference: '1' is defined on line 1203, but no explicit reference was found in the text == Unused Reference: '3' is defined on line 1209, but no explicit reference was found in the text == Unused Reference: '5' is defined on line 1215, but no explicit reference was found in the text ** Obsolete normative reference: RFC 2402 (ref. '3') (Obsoleted by RFC 4302, RFC 4305) ** Obsolete normative reference: RFC 2434 (ref. '4') (Obsoleted by RFC 5226) ** Obsolete normative reference: RFC 2629 (ref. '5') (Obsoleted by RFC 7749) ** Obsolete normative reference: RFC 2960 (ref. '6') (Obsoleted by RFC 4960) -- Possible downref: Normative reference to a draft: ref. '7' Summary: 12 errors (**), 0 flaws (~~), 10 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Stewart 3 Internet-Draft M. Ramalho 4 Expires: December 9, 2005 Cisco Systems, Inc. 5 Q. Xie 6 Motorola, Inc. 7 M. Tuexen 8 Univ. of Applied Sciences Muenster 9 P. Conrad 10 University of Delaware 11 June 7, 2005 13 Stream Control Transmission Protocol (SCTP) Dynamic Address 14 Reconfiguration 15 draft-ietf-tsvwg-addip-sctp-12.txt 17 Status of this Memo 19 This document is an Internet-Draft and is subject to all provisions 20 of Section 3 of RFC 3667. By submitting this Internet-Draft, each 21 author represents that any applicable patent or other IPR claims 22 of which he or she is aware have been or will be disclosed, and 23 any of which he or she becomes aware will be disclosed, in accordance 24 with Section 6 of BCP 79. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF), its areas, and its working groups. Note that 28 other groups may also distribute working documents as Internet- 29 Drafts. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 The list of current Internet-Drafts can be accessed at 37 http://www.ietf.org/ietf/1id-abstracts.txt. 39 The list of Internet-Draft Shadow Directories can be accessed at 40 http://www.ietf.org/shadow.html. 42 This Internet-Draft will expire on December 9, 2005. 44 Copyright Notice 46 Copyright (C) The Internet Society (2005). 48 Abstract 49 This document describes extensions to the Stream Control Transmission 50 Protocol (SCTP) [RFC2960] that provides a method to reconfigure IP 51 address information on an existing association. 53 Table of Contents 55 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 56 2. Conventions . . . . . . . . . . . . . . . . . . . . . . . . . 5 57 3. Additional Chunks and Parameters . . . . . . . . . . . . . . . 6 58 3.1 New Chunk Types . . . . . . . . . . . . . . . . . . . . . 6 59 3.1.1 Address Configuration Change Chunk (ASCONF) . . . . . 6 60 3.1.2 Address Configuration Acknowledgment Chunk 61 (ASCONF-ACK) . . . . . . . . . . . . . . . . . . . . . 7 62 3.2 New Parameter Types . . . . . . . . . . . . . . . . . . . 8 63 3.2.1 Add IP Address . . . . . . . . . . . . . . . . . . . . 9 64 3.2.2 Delete IP Address . . . . . . . . . . . . . . . . . . 10 65 3.2.3 Error Cause Indication . . . . . . . . . . . . . . . . 11 66 3.2.4 Set Primary IP Address . . . . . . . . . . . . . . . . 12 67 3.2.5 Success Indication . . . . . . . . . . . . . . . . . . 13 68 3.2.6 Adaptation Layer Indication . . . . . . . . . . . . . 13 69 3.3 New Error Causes . . . . . . . . . . . . . . . . . . . . . 14 70 3.3.1 Error Cause: Request to Delete Last Remaining IP 71 Address . . . . . . . . . . . . . . . . . . . . . . . 14 72 3.3.2 Error Cause: Operation Refused Due to Resource 73 Shortage . . . . . . . . . . . . . . . . . . . . . . . 15 74 3.3.3 Error Cause: Request to Delete Source IP Address . . . 16 75 3.3.4 Error Cause: Association Aborted due to illegal 76 ASCONF-ACK . . . . . . . . . . . . . . . . . . . . . . 17 77 3.3.5 Error Cause: Request refused - no authorization. . . . 17 78 4. Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . 19 79 4.1 ASCONF Chunk Procedures . . . . . . . . . . . . . . . . . 19 80 4.1.1 Congestion Control of ASCONF Chunks . . . . . . . . . 20 81 4.2 Upon reception of an ASCONF Chunk. . . . . . . . . . . . . 21 82 4.3 General rules for address manipulation . . . . . . . . . . 23 83 4.3.1 A special case for OOTB ABORT chunks . . . . . . . . . 27 84 4.3.2 A special case for changing an address. . . . . . . . 27 85 4.4 Setting of the primary address . . . . . . . . . . . . . . 28 86 5. Security Considerations . . . . . . . . . . . . . . . . . . . 29 87 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 30 88 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 31 89 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 31 90 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 31 91 A. Abstract Address Handling . . . . . . . . . . . . . . . . . . 34 92 A.1 General remarks . . . . . . . . . . . . . . . . . . . . . 34 93 A.2 Generalized endpoints . . . . . . . . . . . . . . . . . . 34 94 A.3 Associations . . . . . . . . . . . . . . . . . . . . . . . 35 95 A.4 Relationship with RFC 2960 . . . . . . . . . . . . . . . . 36 96 A.5 Rules for address manipulation . . . . . . . . . . . . . . 36 97 Intellectual Property and Copyright Statements . . . . . . . . 37 99 1. Introduction 101 To extend the utility and application scenarios of SCTP, this 102 document introduces optional extensions that provide SCTP with the 103 ability to: 105 1. reconfigure IP address information on an existing association. 107 2. set the remote primary path. 109 3. exchange adaptation layer information during association setup. 111 These extensions enable SCTP to be utilized in the following 112 applications: 114 1. For computational or networking platforms that allow addition/ 115 removal of physical interface cards this feature can provide a 116 graceful method to add to the interfaces of an existing 117 association. For IPv6 this feature allows renumbering of 118 existing associations. 120 2. This provides a method for an endpoint to request that its peer 121 set its primary destination address. This can be useful when an 122 address is about to be deleted, or when an endpoint has some 123 predetermined knowledge about which is the preferred address to 124 receive SCTP packets upon. 126 3. This feature can be used to extend the usability of SCTP without 127 modifying it by allowing endpoints to exchange some information 128 during association setup. 130 2. Conventions 132 The keywords MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, 133 SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL, when 134 they appear in this document, are to be interpreted as described in 135 RFC2119 [2]. 137 3. Additional Chunks and Parameters 139 This section describes the addition of two new chunks and, six new 140 parameters to allow: 142 o Dynamic addition of IP Addresses to an association. 144 o Dynamic deletion of IP Addresses from an association. 146 o A request to set the primary address the peer will use when 147 sending to an endpoint. 149 Additionally, this section describes three new error causes that 150 support these new chunks and parameters. 152 3.1 New Chunk Types 154 This section defines two new chunk types that will be used to 155 transfer the control information reliably. Table 1 illustrates the 156 two new chunk types. 158 Chunk Type Chunk Name 159 -------------------------------------------------------------- 160 0xC1 Address Configuration Change Chunk (ASCONF) 161 0x80 Address Configuration Acknowledgment (ASCONF-ACK) 163 Table 1: Address Configuration Chunks 165 It should be noted that the ASCONF Chunk format requires the receiver 166 to report to the sender if it does not understand the ASCONF Chunk. 167 This is accomplished by setting the upper bits in the chunk type as 168 described in RFC2960 [6] section 3.2. Note that the upper two bits 169 in the ASCONF Chunk are set to one. As defined in RFC2960 [6] 170 section 3.2, setting these upper bits in this manner will cause the 171 receiver that does not understand this chunk to skip the chunk and 172 continue processing, but report in an Operation Error Chunk using the 173 'Unrecognized Chunk Type' cause of error. 175 3.1.1 Address Configuration Change Chunk (ASCONF) 177 This chunk is used to communicate to the remote endpoint one of the 178 configuration change requests that MUST be acknowledged. The 179 information carried in the ASCONF Chunk uses the form of a Type- 180 Length-Value (TLV), as described in "3.2.1 Optional/Variable-length 181 Parameter Format" in RFC2960 [6], for all variable parameters. This 182 chunk MUST be sent in an authenticated way by using the mechanism 183 defined in SCTP-AUTH [7]. If this chunk is received unauthenticated 184 it MUST be silently discarded as described in SCTP-AUTH [7]. 186 0 1 2 3 187 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 188 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 189 | Type = 0xC1 | Chunk Flags | Chunk Length | 190 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 191 | Serial Number | 192 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 193 | Address Parameter | 194 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 195 | ASCONF Parameter #1 | 196 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 197 \ \ 198 / .... / 199 \ \ 200 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 201 | ASCONF Parameter #N | 202 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 204 Serial Number : 32 bits (unsigned integer) 206 This value represents a Serial Number for the ASCONF Chunk. The 207 valid range of Serial Number is from 0 to 4294967295 (2**32 - 1). 208 Serial Numbers wrap back to 0 after reaching 4294967295. 210 Address Parameter : 8 or 20 bytes (depending on type) 212 This field contains an address parameter, either IPv6 or IPv4, from 213 RFC2960 [6]. The address is an address of the sender of the ASCONF 214 chunk, the address MUST be considered part of the association by the 215 peer endpoint (the receiver of the ASCONF chunk). This field may be 216 used by the receiver of the ASCONF to help in finding the 217 association. This parameter MUST be present in every ASCONF message 218 i.e. it is a mandatory TLV parameter. 220 Note the host name address parameter is NOT allowed and MUST be 221 ignored if received in any ASCONF message. 223 ASCONF Parameter: TLV format 225 Each Address configuration change is represented by a TLV parameter 226 as defined in Section 3.2. One or more requests may be present in an 227 ASCONF Chunk. 229 3.1.2 Address Configuration Acknowledgment Chunk (ASCONF-ACK) 231 This chunk is used by the receiver of an ASCONF Chunk to acknowledge 232 the reception. It carries zero or more results for any ASCONF 233 Parameters that were processed by the receiver. This chunk MUST be 234 sent in an authenticated way by using the mechanism defined in SCTP- 235 AUTH [7]. If this chunk is received unauthenticated it MUST be 236 silently discarded as described in SCTP-AUTH [7]. 238 0 1 2 3 239 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 240 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 241 | Type = 0x80 | Chunk Flags | Chunk Length | 242 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 243 | Serial Number | 244 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 245 | ASCONF Parameter Response#1 | 246 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 247 \ \ 248 / .... / 249 \ \ 250 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 251 | ASCONF Parameter Response#N | 252 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 254 Serial Number : 32 bits (unsigned integer) 256 This value represents the Serial Number for the received ASCONF Chunk 257 that is acknowledged by this chunk. This value is copied from the 258 received ASCONF Chunk. 260 ASCONF Parameter Response : TLV format 262 The ASCONF Parameter Response is used in the ASCONF-ACK to report 263 status of ASCONF processing. By default, if a responding endpoint 264 does not include any Error Cause, a success is indicated. Thus a 265 sender of an ASCONF-ACK MAY indicate complete success of all TLVs in 266 an ASCONF by returning only the Chunk Type, Chunk Flags, Chunk Length 267 (set to 8) and the Serial Number. 269 3.2 New Parameter Types 271 The six new parameters added follow the format defined in section 272 3.2.1 of RFC2960 [6]. Table 2 and 3 describes the parameters. 274 Address Configuration Parameters Parameter Type 275 ------------------------------------------------- 276 Set Primary Address 0xC004 277 Adaption Layer Indication 0xC006 279 Table 2: Parameters that can be used in INIT/INIT-ACK chunk 281 Address Configuration Parameters Parameter Type 282 ------------------------------------------------- 283 Add IP Address 0xC001 284 Delete IP Address 0xC002 285 Set Primary Address 0xC004 287 Table 2: Parameters used in ASCONF Parameter 289 Address Configuration Parameters Parameter Type 290 ------------------------------------------------- 291 Error Cause Indication 0xC003 292 Success Indication 0xC005 294 Table 3: Parameters used in ASCONF Parameter Response 296 Any parameter that appears where it is not allowed (for example a 297 0xC002 parameter appearing within an INIT or INIT-ACK) MAY be 298 responded to with an ABORT by the receiver of the invalid parameter. 300 3.2.1 Add IP Address 302 0 1 2 3 303 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 304 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 305 | Type = 0xC001 | Length = Variable | 306 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 307 | ASCONF-Request Correlation ID | 308 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 309 | Address Parameter | 310 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 312 ASCONF-Request Correlation ID: 32 bits 314 This is an opaque integer assigned by the sender to identify each 315 request parameter. It is in host byte order and is only meaningful 316 to the sender. The receiver of the ASCONF Chunk will copy this 32 317 bit value into the ASCONF Response Correlation ID field of the 318 ASCONF-ACK response parameter. The sender of the ASCONF can use this 319 same value in the ASCONF-ACK to find which request the response is 320 for. 322 Address Parameter: TLV 324 This field contains an IPv4 or IPv6 address parameter as described in 325 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 326 parameter. It informs the receiver that the address specified is to 327 be added to the existing association. 329 An example TLV requesting that the IPv4 address 10.1.1.1 be added to 330 the association would look as follows: 332 +--------------------------------+ 333 | Type=0xC001 | Length = 16 | 334 +--------------------------------+ 335 | C-ID = 0x01023474 | 336 +--------------------------------+ 337 | Type=5 | Length = 8 | 338 +----------------+---------------+ 339 | Value=0x0a010101 | 340 +----------------+---------------+ 342 Valid Chunk Appearance 344 The Add IP Address parameter may only appear in the ASCONF Chunk 345 type. 347 3.2.2 Delete IP Address 349 0 1 2 3 350 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 351 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 352 | Type =0xC002 | Length = Variable | 353 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 354 | ASCONF-Request Correlation ID | 355 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 356 | Address Parameter | 357 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 359 ASCONF-Request Correlation ID: 32 bits 361 This is an opaque integer assigned by the sender to identify each 362 request parameter. It is in host byte order and is only meaningful 363 to the sender. The receiver of the ASCONF Chunk will copy this 32 364 bit value into the ASCONF Response Correlation ID field of the 365 ASCONF-ACK response parameter. The sender of the ASCONF can use this 366 same value in the ASCONF-ACK to find which request the response is 367 for. 369 Address Parameter: TLV 371 This field contains an IPv4 or IPv6 address parameter as described in 372 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 373 parameter. It informs the receiver that the address specified is to 374 be removed from the existing association. 376 An example TLV deleting the IPv4 address 10.1.1.1 from an existing 377 association would look as follows: 379 +--------------------------------+ 380 | Type=0xC002 | Length = 16 | 381 +--------------------------------+ 382 | C-ID = 0x01023476 | 383 +--------------------------------+ 384 | Type=5 | Length = 8 | 385 +----------------+---------------+ 386 | Value=0x0a010101 | 387 +----------------+---------------+ 389 Valid Chunk Appearance 391 The Delete IP Address parameter may only appear in the ASCONF Chunk 392 type. 394 3.2.3 Error Cause Indication 396 0 1 2 3 397 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 398 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 399 | Type = 0xC003 | Length = Variable | 400 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 401 | ASCONF-Response Correlation ID | 402 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 403 | Error Cause(s) or Return Info on Success | 404 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 406 ASCONF-Response Correlation ID: 32 bits 408 This is an opaque integer assigned by the sender to identify each 409 request parameter. The receiver of the ASCONF Chunk will copy this 410 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 411 Response Correlation ID field so the peer can easily correlate the 412 request to this response. 414 Error Cause(s): TLV(s) 416 When reporting an error this response parameter is used to wrap one 417 or more standard error causes normally found within an SCTP 418 Operational Error or SCTP Abort (as defined in RFC2960 [6]). The 419 Error Cause(s) follow the format defined in section 3.3.10 of RFC2960 420 [6]. 422 Valid Chunk Appearance 423 The Error Cause Indication parameter may only appear in the ASCONF- 424 ACK chunk type. 426 3.2.4 Set Primary IP Address 428 0 1 2 3 429 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 430 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 431 | Type =0xC004 | Length = Variable | 432 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 433 | ASCONF-Request Correlation ID | 434 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 435 | Address Parameter | 436 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 438 ASCONF-Request Correlation ID: 32 bits 440 This is an opaque integer assigned by the sender to identify each 441 request parameter. It is in host byte order and is only meaningful 442 to the sender. The receiver of the ASCONF Chunk will copy this 32 443 bit value into the ASCONF Response Correlation ID field of the 444 ASCONF-ACK response parameter. The sender of the ASCONF can use this 445 same value in the ASCONF-ACK to find which request the response is 446 for. 448 Address Parameter: TLV 450 This field contains an IPv4 or IPv6 address parameter as described in 451 3.3.2.1 of RFC2960 [6]. The complete TLV is wrapped within this 452 parameter. It requests the receiver to mark the specified address as 453 the primary address to send data to (see section 5.1.2 of RFC2960 454 [6]). The receiver MAY mark this as its primary upon receiving this 455 request. 457 An example TLV requesting that the IPv4 address 10.1.1.1 be made the 458 primary destination address would look as follows: 460 +--------------------------------+ 461 | Type=0xC004 | Length = 16 | 462 +--------------------------------+ 463 | C-ID = 0x01023479 | 464 +--------------------------------+ 465 | Type=5 | Length = 8 | 466 +----------------+---------------+ 467 | Value=0x0a010101 | 468 +----------------+---------------+ 470 Valid Chunk Appearance 471 The Set Primary IP Address parameter may appear in the ASCONF Chunk, 472 the INIT, or the INIT-ACK chunk type. The inclusion of this 473 parameter in the INIT or INIT-ACK can be used to indicate an initial 474 preference of primary address. 476 3.2.5 Success Indication 478 0 1 2 3 479 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 480 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 481 | Type = 0xC005 | Length = 8 | 482 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 483 | ASCONF-Response Correlation ID | 484 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 486 By default if a responding endpoint does not report an error for any 487 requested TLV, a success is implicitly indicated. Thus a sender of a 488 ASCONF-ACK MAY indicate complete success of all TLVs in an ASCONF by 489 returning only the Chunk Type, Chunk Flags, Chunk Length (set to 8) 490 and the Serial Number. 492 The responding endpoint MAY also choose to explicitly report a 493 success for a requested TLV, by returning a success report ASCONF 494 Parameter Response. 496 ASCONF-Response Correlation ID: 32 bits 498 This is an opaque integer assigned by the sender to identify each 499 request parameter. The receiver of the ASCONF Chunk will copy this 500 32 bit value from the ASCONF-Request Correlation ID into the ASCONF 501 Response Correlation ID field so the peer can easily correlate the 502 request to this response. 504 Valid Chunk Appearance 506 The Success Indication parameter may only appear in the ASCONF-ACK 507 chunk type. 509 3.2.6 Adaptation Layer Indication 511 0 1 2 3 512 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 513 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 514 | Type =0xC006 | Length = 8 | 515 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 516 | Adaption Code point | 517 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 519 This parameter is specified for the communication of peer upper layer 520 protocols. It is envisioned to be used for flow control and other 521 adaptation layers that require an indication to be carried in the 522 INIT and INIT-ACK. Each adaptation layer that is defined that wishes 523 to use this parameter MUST specify a an adaption code point in an 524 appropriate RFC defining its use and meaning. This parameter SHOULD 525 NOT be examined by the receiving SCTP implementation and should be 526 passed opaquely to the upper layer protocol. 528 Valid Chunk Appearance 530 The Adaptation Layer Indication parameter may appear in INIT or INIT- 531 ACK chunk and SHOULD be passed to the receivers upper layer protocol. 532 This parameter MUST NOT appear in a ASCONF chunk. 534 3.3 New Error Causes 536 Five new Error Causes are added to the SCTP Operational Errors, 537 primarily for use in the ASCONF-ACK chunk. 539 Cause Code 540 Value Cause Code 541 --------- ---------------- 542 0x0100 Request to Delete Last Remaining IP Address. 543 0x0101 Operation Refused Due to Resource Shortage. 544 0x0102 Request to Delete Source IP Address. 545 0x0103 Association Aborted due to illegal ASCONF-ACK 546 0x0104 Request refused - no authorization. 548 Table 4: New Error Causes 550 3.3.1 Error Cause: Request to Delete Last Remaining IP Address 552 Cause of error 554 Request to Delete Last Remaining IP address: The receiver of this 555 error sent a request to delete the last IP address from its 556 association with its peer. This error indicates that the request is 557 rejected. 559 0 1 2 3 560 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 561 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 562 | Cause Code=0x0100 | Cause Length=Variable | 563 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 564 \ TLV-Copied-From-ASCONF / 565 / \ 566 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 568 An example of a failed delete in an Error Cause TLV would look as 569 follows in the response ASCONF-ACK message: 571 +--------------------------------+ 572 | Type = 0xC003 | Length = 28 | 573 +----------------+---------------+ 574 | C-ID = 0x01023476 | 575 +--------------------------------+ 576 | Cause=0x0100 | Length = 20 | 577 +----------------+---------------+ 578 | Type= 0xC002 | Length = 16 | 579 +----------------+---------------+ 580 | C-ID = 0x01023476 | 581 +--------------------------------+ 582 | Type=0x0005 | Length = 8 | 583 +----------------+---------------+ 584 | Value=0x0A010101 | 585 +----------------+---------------+ 587 3.3.2 Error Cause: Operation Refused Due to Resource Shortage 589 Cause of error 591 This error cause is used to report a failure by the receiver to 592 perform the requested operation due to a lack of resources. The 593 entire TLV that is refused is copied from the ASCONF into the error 594 cause. 596 0 1 2 3 597 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 598 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 599 | Cause Code=0x0101 | Cause Length=Variable | 600 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 601 \ TLV-Copied-From-ASCONF / 602 / \ 603 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 605 An example of a failed addition in an Error Cause TLV would look as 606 follows in the response ASCONF-ACK message: 608 +--------------------------------+ 609 | Type = 0xC003 | Length = 28 | 610 +--------------------------------+ 611 | C-ID = 0x01023474 | 612 +--------------------------------+ 613 | Cause=0x0101 | Length = 20 | 614 +----------------+---------------+ 615 | Type=0xC001 | Length = 16 | 616 +--------------------------------+ 617 | C-ID = 0x01023474 | 618 +--------------------------------+ 619 | Type=0x0005 | Length = 8 | 620 +----------------+---------------+ 621 | Value=0x0A010101 | 622 +----------------+---------------+ 624 3.3.3 Error Cause: Request to Delete Source IP Address 626 Cause of error 628 Request to Delete Source IP Address: The receiver of this error sent 629 a request to delete the source IP address of the ASCONF message. 630 This error indicates that the request is rejected. 632 0 1 2 3 633 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 634 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 635 | Cause Code=0x0102 | Cause Length=Variable | 636 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 637 \ TLV-Copied-From-ASCONF / 638 / \ 639 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 641 An example of a failed delete in an Error Cause TLV would look as 642 follows in the response ASCONF-ACK message: 644 +--------------------------------+ 645 | Type = 0xC003 | Length = 28 | 646 +--------------------------------+ 647 | C-ID = 0x01023476 | 648 +--------------------------------+ 649 | Cause=0x0102 | Length = 20 | 650 +----------------+---------------+ 651 | Type=0xC002 | Length = 16 | 652 +----------------+---------------+ 653 | C-ID = 0x01023476 | 654 +--------------------------------+ 655 | Type=0x0005 | Length = 8 | 656 +----------------+---------------+ 657 | Value=0x0A010101 | 658 +----------------+---------------+ 660 IMPLEMENTATION NOTE: It is unlikely that an endpoint would source a 661 packet from the address being deleted, unless the endpoint does not 662 do proper source address selection. 664 3.3.4 Error Cause: Association Aborted due to illegal ASCONF-ACK 666 This error is to be included in an ABORT that is generated due to the 667 reception of an ASCONF-ACK that was not expected but is larger than 668 the current sequence number (see Section 4.3 Rule D0 ). Note that a 669 sequence number is larger than the last acked sequence number if it 670 is either the next sequence or no more than 2^^31-1 greater than the 671 current sequence number. 673 0 1 2 3 674 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 675 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 676 | Cause Code=0x0103 | Cause Length=4 | 677 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 679 3.3.5 Error Cause: Request refused - no authorization. 681 Cause of error 683 This error cause may be included to reject a request based on local 684 security policies. 686 0 1 2 3 687 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 688 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 689 | Cause Code=0x0104 | Cause Length=Variable | 690 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 691 \ TLV-Copied-From-ASCONF / 692 / \ 693 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ 695 4. Procedures 697 This section will lay out the specific procedures for address 698 configuration change chunk type and its processing. 700 4.1 ASCONF Chunk Procedures 702 When an endpoint has an ASCONF signaled change to be sent to the 703 remote endpoint it should do the following: 705 A1) Create an ASCONF Chunk as defined in Section 3.1.1. The chunk 706 should contain all of the TLV(s) of information necessary to be 707 sent to the remote endpoint, and unique correlation identities for 708 each request. 710 A2) A serial number should be assigned to the Chunk. The serial 711 number should be a monotonically increasing number. The serial 712 number MUST be initialized at the start of the association to the 713 same value as the Initial TSN and every time a new ASCONF chunk is 714 created it is incremented by one after assigning the serial number 715 to the newly created chunk . 717 A3) If no ASCONF Chunk is outstanding (un-acknowledged) with the 718 remote peer, send the chunk. 720 A4) Start a T-4 RTO timer, using the RTO value of the selected 721 destination address (normally the primary path; see RFC2960 [6] 722 section 6.4 for details). 724 A5) When the ASCONF-ACK that acknowledges the serial number last sent 725 arrives, stop the T-4 RTO timer, and clear the appropriate 726 association and destination error counters as defined in RFC2960 727 [6] section 8.1 and 8.2. 729 A6) Process all of the TLVs within the ASCONF-ACK to find out 730 particular status information returned to the various requests 731 that were sent. Use the Correlation IDs to correlate the request 732 and the responses. 734 A7) If an error response is received for a TLV parameter, all TLVs 735 with no response before the failed TLV are considered successful 736 if not reported. All TLVs after the failed response are 737 considered unsuccessful unless a specific success indication is 738 present for the parameter. 740 A8) If there is no response(s) to specific TLV parameter(s), and no 741 failures are indicated, then all request(s) are considered 742 successful. 744 A9) If the peer responds to an ASCONF with an ERROR chunk reporting 745 that it did not recognize the ASCONF chunk type, the sender of the 746 ASCONF MUST NOT send any further ASCONF chunks and MUST stop its 747 T-4 timer. 749 If the T-4 RTO timer expires the endpoint should do the following: 751 B1) Increment the error counters and perform path failure detection 752 on the appropriate destination address as defined in RFC2960 [6] 753 section 8.1 and 8.2. 755 B2) Increment the association error counters and perform endpoint 756 failure detection on the association as defined in RFC2960 [6] 757 section 8.1 and 8.2. 759 B3) Back-off the destination address RTO value to which the ASCONF 760 chunk was sent by doubling the RTO timer value. 762 Note: The RTO value is used in the setting of all timer types for 763 SCTP. Each destination address has a single RTO estimate. 765 B4) Re-transmit the ASCONF Chunk last sent and if possible choose an 766 alternate destination address (please refer to RFC2960 [6] section 767 6.4.1). An endpoint MUST NOT add new parameters to this chunk, it 768 MUST be the same (including its serial number) as the last ASCONF 769 sent. 771 B5) Restart the T-4 RTO timer. Note that if a different destination 772 is selected, then the RTO used will be that of the new destination 773 address. 775 Note: the total number of re-transmissions is limited by B2 above. 776 If the maximum is reached, the association will fail and enter into 777 the CLOSED state (see RFC2960 [6] section 6.4.1 for details). 779 4.1.1 Congestion Control of ASCONF Chunks 781 In defining the ASCONF Chunk transfer procedures, it is essential 782 that these transfers MUST NOT cause congestion within the network. 783 To achieve this, we place these restrictions on the transfer of 784 ASCONF Chunks: 786 R1) One and only one ASCONF Chunk MAY be in transit and 787 unacknowledged at any one time. If a sender, after sending an 788 ASCONF chunk, decides it needs to transfer another ASCONF Chunk, 789 it MUST wait until the ASCONF-ACK Chunk returns from the previous 790 ASCONF Chunk before sending a subsequent ASCONF. Note this 791 restriction binds each side, so at any time two ASCONF may be in- 792 transit on any given association (one sent from each endpoint). 794 R2) An ASCONF may be bundled with any other chunk type (except other 795 ASCONF Chunks). 797 R3) An ASCONF-ACK may be bundled with any other chunk type except 798 other ASCONF-ACKs. 800 R4) Both ASCONF and ASCONF-ACK chunks MUST NOT be sent in any SCTP 801 state except ESTABLISHED, SHUTDOWN-PENDING, SHUTDOWN-RECEIVED and 802 SHUTDOWN-SENT. 804 R5) An ASCONF MUST NOT be larger than the path MTU of the 805 destination. 807 R6) An ASCONF-ACK SHOULD not be larger than the path MTU. In some 808 circumstances an ASCONF-ACK may exceed the path MTU and in such a 809 case IP fragmentation should be used to transmit the chunk. 811 If the sender of an ASCONF Chunk receives an Operational Error 812 indicating that the ASCONF chunk type is not understood, then the 813 sender MUST NOT send subsequent ASCONF Chunks to the peer. The 814 endpoint should also inform the upper layer application that the peer 815 endpoint does not support any of the extensions detailed in this 816 document. 818 4.2 Upon reception of an ASCONF Chunk. 820 When an endpoint receives an ASCONF Chunk from the remote peer 821 special procedures MAY be needed to identify the association the 822 ASCONF Chunk is associated with. To properly find the association 823 the following procedures should be followed: 825 L1) Use the source address and port number of the sender to attempt 826 to identify the association (i.e. use the same method defined in 827 RFC2960 [6] used for all other SCTP chunks). If found proceed to 828 rule L4. 830 L2) If the association is not found, use the address found in the 831 Address Parameter TLV combined with the port number found in the 832 SCTP common header. If found proceed to rule L4. 834 L3) If neither L1 or L2 locates the association, treat the chunk as 835 an Out Of The Blue chunk as defined in RFC2960 [6]. 837 L4) Follow the normal rules to validate the SCTP verification tag 838 found in RFC2960 [6]. 840 After identification and verification of the association, the 841 following should be performed to properly process the ASCONF Chunk: 843 C1) Compare the value of the serial number to the value the endpoint 844 stored in a new association variable 'Peer-Serial-Number'. This 845 value MUST be initialized to the Initial TSN value minus 1. 847 C2) If the value found in the serial number is equal to the ('Peer- 848 Serial-Number' + 1), the endpoint MUST: 850 V1) Process the TLVs contained within the Chunk performing the 851 appropriate actions as indicated by each TLV type. The TLVs 852 MUST be processed in order within the Chunk. For example, if 853 the sender puts 3 TLVs in one chunk, the first TLV (the one 854 closest to the Chunk Header) in the Chunk MUST be processed 855 first. The next TLV in the chunk (the middle one) MUST be 856 processed second and finally the last TLV in the Chunk MUST be 857 processed last. 859 V2) In processing the chunk, the receiver should build a response 860 message with the appropriate error TLVs, as specified in the 861 Parameter type bits for any ASCONF Parameter it does not 862 understand. To indicate an unrecognized parameter, cause type 863 8 as defined in the ERROR in 3.3.10.8 of RFC2960 [6] should be 864 used. The endpoint may also use the response to carry 865 rejections for other reasons such as resource shortages etc, 866 using the Error Cause TLV and an appropriate error condition. 868 Note: a positive response is implied if no error is indicated 869 by the sender. 871 V3) All responses MUST copy the ASCONF-Request Correlation ID 872 field received in the ASCONF parameter, from the TLV being 873 responded to, into the ASCONF-Request Correlation ID field in 874 the response parameter. 876 V4) After processing the entire Chunk, the receiver of the ASCONF 877 MUST send all TLVs for both unrecognized parameters and any 878 other status TLVs inside the ASCONF-ACK chunk that acknowledges 879 the arrival and processing of the ASCONF Chunk. 881 V5) Update the 'Peer-Serial-Number' to the value found in the 882 serial number field. 884 C3) If the value found in the serial number is equal to the value 885 stored in the 'Peer-Serial-Number', the endpoint should: 887 X1) Parse the ASCONF Chunk TLVs but the endpoint MUST NOT take any 888 action on the TLVs parsed (since it has already performed these 889 actions). 891 X2) Build a response message with the appropriate response TLVs as 892 specified in the ASCONF Parameter type bits, for any parameter 893 it does not understand or could not process. 895 X3) After parsing the entire Chunk, it MUST send any response TLV 896 errors and status with an ASCONF-ACK chunk acknowledging the 897 arrival and processing of the ASCONF Chunk. 899 X4) The endpoint MUST NOT update its 'Peer-Serial-Number'. 901 Note: the response to the retransmitted ASCONF MUST be the same as 902 the original response. This MAY mean an implementation must keep 903 state in order to respond with the same exact answer (including 904 resource considerations that may have made the implementation 905 refuse a request). 907 IMPLEMENTATION NOTE: As an optimization a receiver may wish to 908 save the last ASCONF-ACK for some predetermined period of time and 909 instead of re-processing the ASCONF (with the same serial number) 910 it may just re-transmit the ASCONF-ACK. It may wish to use the 911 arrival of a new serial number to discard the previously saved 912 ASCONF-ACK or any other means it may choose to expire the saved 913 ASCONF-ACK. 915 C4) Otherwise, the ASCONF Chunk is discarded since it must be either 916 a stale packet or from an attacker. A receiver of such a packet 917 MAY log the event for security purposes. 919 C5) In both cases C2 and C3 the ASCONF-ACK MUST be sent back to the 920 source address contained in the IP header of the ASCONF being 921 responded to. 923 4.3 General rules for address manipulation 925 When building TLV parameters for the ASCONF Chunk that will add or 926 delete IP addresses the following rules should be applied: 928 D0) If an endpoint receives an ASCONF-ACK that is greater than or 929 equal to the next serial number to be used but no ASCONF chunk is 930 outstanding the endpoint MUST ABORT the association. Note that a 931 sequence number is greater than if it is no more than 2^^31-1 932 larger than the current sequence number (using serial arithmetic). 934 D1) When adding an IP address to an association, the IP address is 935 NOT considered fully added to the association until the ASCONF-ACK 936 arrives. This means that until such time as the ASCONF containing 937 the add is acknowledged the sender MUST NOT use the new IP address 938 as a source for ANY SCTP packet except on carrying an ASCONF 939 chunk. The receiver of the add IP address request may use the 940 address as a destination immediately. 942 D2) After the ASCONF-ACK of an IP address add arrives, the endpoint 943 MAY begin using the added IP address as a source address for any 944 type of SCTP chunk. 946 D3a) If an endpoint receives an Error Cause TLV indicating that the 947 IP address Add or IP address Deletion parameters was not 948 understood, the endpoint MUST consider the operation failed and 949 MUST NOT attempt to send any subsequent Add or Delete requests to 950 the peer. 952 D3b) If an endpoint receives an Error Cause TLV indicating that the 953 IP address Set Primary IP Address parameter was not understood, 954 the endpoint MUST consider the operation failed and MUST NOT 955 attempt to send any subsequent Set Primary IP Address requests to 956 the peer. 958 D4) When deleting an IP address from an association, the IP address 959 MUST be considered a valid destination address for the reception 960 of SCTP packets until the ASCONF-ACK arrives and MUST NOT be used 961 as a source address for any subsequent packets. This means that 962 any datagrams that arrive before the ASCONF-ACK destined to the IP 963 address being deleted MUST be considered part of the current 964 association. One special consideration is that ABORT chunks 965 arriving destined to the IP address being deleted MUST be ignored 966 (see Section 4.3.1 for further details). 968 D5) An endpoint MUST NOT delete its last remaining IP address from an 969 association. In other words if an endpoint is NOT multi-homed it 970 MUST NOT use the delete IP address without an add IP address 971 preceding the delete parameter in the ASCONF chunk. Or if an 972 endpoint sends multiple requests to delete IP addresses it MUST 973 NOT delete all of the IP addresses that the peer has listed for 974 the requester. 976 D6) An endpoint MUST NOT set an IP header source address for an SCTP 977 packet holding the ASCONF Chunk to be the same as an address being 978 deleted by the ASCONF Chunk. 980 D7) If a request is received to delete the last remaining IP address 981 of a peer endpoint, the receiver MUST send an Error Cause TLV with 982 the error cause set to the new error code 'Request to Delete Last 983 Remaining IP Address'. The requested delete MUST NOT be performed 984 or acted upon, other than to send the ASCONF-ACK. 986 D8) If a request is received to delete an IP address which is also 987 the source address of the IP packet which contained the ASCONF 988 chunk, the receiver MUST reject this request. To reject the 989 request the receiver MUST send an Error Cause TLV set to the new 990 error code 'Request to Delete Source IP Address' (unless Rule D5 991 has also been violated, in which case the error code 'Request to 992 Delete Last Remaining IP Address' is sent). 994 D9) If an endpoint receives an ADD IP address request and does not 995 have the local resources to add this new address to the 996 association, it MUST return an Error Cause TLV set to the new 997 error code 'Operation Refused Due to Resource Shortage'. 999 D10) If an endpoint receives an 'Out of Resource' error in response 1000 to its request to ADD an IP address to an association, it must 1001 either ABORT the association or not consider the address part of 1002 the association. In other words if the endpoint does not ABORT 1003 the association, it must consider the add attempt failed and NOT 1004 use this address since its peer will treat SCTP packets destined 1005 to the address as Out Of The Blue packets. 1007 D11) When an endpoint receiving an ASCONF to add an IP address sends 1008 an 'Out of Resource' in its response, it MUST also fail any 1009 subsequent add or delete requests bundled in the ASCONF. The 1010 receiver MUST NOT reject an ADD and then accept a subsequent 1011 DELETE of an IP address in the same ASCONF Chunk. In other words, 1012 once a receiver begins failing any ADD or DELETE request, it must 1013 fail all subsequent ADD or DELETE requests contained in that 1014 single ASCONF. 1016 D12) When an endpoint receives a request to delete an IP address that 1017 is the current primary address, it is an implementation decision 1018 as to how that endpoint chooses the new primary address. 1020 D13) When an endpoint receives a valid request to DELETE an IP 1021 address the endpoint MUST consider the address no longer as part 1022 of the association. It MUST NOT send SCTP packets for the 1023 association to that address and it MUST treat subsequent packets 1024 received from that address as Out Of The Blue. 1026 During the time interval between sending out the ASCONF and 1027 receiving the ASCONF-ACK it MAY be possible to receive DATA chunks 1028 out of order. The following examples illustrate these problems: 1030 Endpoint-A Endpoint-Z 1031 ---------- ---------- 1032 ASCONF[Add-IP:X]------------------------------> 1033 /--ASCONF-ACK 1034 / 1035 /--------/---New DATA: 1036 / / Destination 1037 <-------------------/ / IP:X 1038 / 1039 <--------------------------/ 1041 In the above example we see a new IP address (X) being added to the 1042 Endpoint-A. However due to packet re-ordering in the network a new 1043 DATA chunk is sent and arrives at Endpoint-A before the ASCONF-ACK 1044 confirming the add of the address to the association. 1046 A similar problem exists with the deletion of an IP address as 1047 follows: 1049 Endpoint-A Endpoint-Z 1050 ---------- ---------- 1051 /------------New DATA: 1052 / Destination 1053 / IP:X 1054 ASCONF [DEL-IP:X]---------/----------------> 1055 <-----------------/------------------ASCONF-ACK 1056 / 1057 / 1058 <-------------/ 1060 In this example we see a DATA chunk destined to the IP:X (which is 1061 about to be deleted) arriving after the deletion is complete. For 1062 the ADD case an endpoint SHOULD consider the newly adding IP address 1063 valid for the association to receive data from during the interval 1064 when awaiting the ASCONF-ACK. The endpoint MUST NOT source data from 1065 this new address until the ASCONF-ACK arrives but it may receive out 1066 of order data as illustrated and MUST NOT treat this data as an OOTB 1067 datagram (please see RFC2960 [6] section 8.4). It MAY drop the data 1068 silently or it MAY consider it part of the association but it MUST 1069 NOT respond with an ABORT. 1071 For the DELETE case, an endpoint MAY respond to the late arriving 1072 DATA packet as an OOTB datagram or it MAY hold the deleting IP 1073 address for a small period of time as still valid. If it treats the 1074 DATA packet as an OOTB the peer will silently discard the ABORT 1075 (since by the time the ABORT is sent the peer will have removed the 1076 IP address from this association). If the endpoint elects to hold 1077 the IP address valid for a period of time, it MUST NOT hold it valid 1078 longer than 2 RTO intervals for the destination being removed. 1080 4.3.1 A special case for OOTB ABORT chunks 1082 Another case worth mentioning is illustrated below: 1084 Endpoint-A Endpoint-Z 1085 ---------- ---------- 1087 New DATA:------------\ 1088 Source IP:X \ 1089 \ 1090 ASCONF-REQ[DEL-IP:X]----\------------------> 1091 \ /---------ASCONF-ACK 1092 \ / 1093 \----/-----------> OOTB 1094 (Ignored <---------------------/-------------ABORT 1095 by rule D4) / 1096 <---------------------/ 1098 For this case, during the deletion of an IP address, an Abort MUST be 1099 ignored if the destination address of the Abort message is that of a 1100 destination being deleted. 1102 4.3.2 A special case for changing an address. 1104 In some instances the sender may only have one IP address in an 1105 association that is being renumbered. When this occurs, the sender 1106 may not be able to send to the peer the appropriate ADD/DELETE pair 1107 and use the old address as a source in the IP header. For this 1108 reason the sender MUST fill in the Address Parameter field with an 1109 address that is part of the association (in this case the one being 1110 deleted). This will allow the receiver to locate the association 1111 without using the source address found in the IP header. 1113 The receiver of such a chunk MUST always first use the source address 1114 found in the IP header in looking up the association. The receiver 1115 should attempt to use the address found in the Address Bytes field 1116 only if the lookup fails using the source address from the IP header. 1117 The receiver MUST reply to the source address of the packet in this 1118 case which is the new address that was added by the ASCONF (since the 1119 old address is no longer a part of the association after processing). 1121 4.4 Setting of the primary address 1123 A sender of this option may elect to send this combined with a 1124 deletion or addition of an address. A sender SHOULD only send a set 1125 primary request to an address that is already considered part of the 1126 association. In other words if a sender combines a set primary with 1127 an add of a new IP address the set primary will be discarded unless 1128 the add request is to be processed BEFORE the set primary (i.e. it 1129 precedes the set primary). 1131 A request to set primary MAY also appear in an INIT or INIT-ACK 1132 chunk. This can give advice to the peer endpoint as to which of its 1133 addresses the sender of the INIT or INIT-ACK would prefer to be used 1134 as the primary address. 1136 The request to set an address as the primary path is an option the 1137 receiver SHOULD perform. It is considered advice to the receiver of 1138 the best destination address to use in sending SCTP packets (in the 1139 requesters view). If a request arrives that asks the receiver to set 1140 an address as primary that does not exist, the receiver should NOT 1141 honor the request, leaving its existing primary address unchanged. 1143 5. Security Considerations 1145 The ADD/DELETE of an IP address to an existing association does 1146 provide an additional mechanism by which existing associations can be 1147 hijacked. 1149 This document requires the use of the authentication mechanism 1150 defined in SCTP-AUTH [7] to limit the ability of an attacker to 1151 hijack an association. Hijacking an association by using ADD/DELETE 1152 of an IP address is only possible for an attacker who is able to 1153 intercept the association setup. However, if a preconfigured shared 1154 end-point pair key is used this is not possible. For a more detailed 1155 analysis see SCTP-AUTH [7]. 1157 6. IANA considerations 1159 This document defines the following new SCTP parameters, chunks and 1160 errors: 1162 o Two new chunk types, 1164 o Six parameter types, and 1166 o Five new SCTP error causes. 1168 One of the two new chunk types must come from the range of chunk 1169 types where the upper two bits are one, we recommend 0xC1 but any 1170 other available code point with the upper bits set is also 1171 acceptable. 1173 The second chunk type must come from the range where only the upper 1174 bit is set to one. We recommend 0x80 but any other available code 1175 point with the upper bit set is also acceptable. 1177 All of the parameter types must come from the range of types where 1178 the upper two bits are set, we recommend 0xC001 - 0xC006, as 1179 specified in this document, but other parameter types can be used as 1180 long as the upper two bits of the type are set to one. 1182 The five new error causes can be any value, in this document we have 1183 used 0x0100-0x0104 in an attempt to seperate these from the common 1184 ranges of error codes. Any other unassigned values are also 1185 acceptable. 1187 This document also defines a Adaption code point. The adaption code 1188 point is a 32 bit integer that is assigned by IANA through an IETF 1189 Consensus action as defined in RFC2434 [4]. 1191 7. Acknowledgments 1193 The authors wish to thank Jon Berger, Greg Kendall, Seok Koh, Peter 1194 Lei, John Loughney, Ivan Arias Rodriguez, Renee Revis, Marshall Rose, 1195 and Chip Sharp for their invaluable comments. 1197 The authors would also like to give special mention to Maria-Carmen 1198 Belinchon and Ian Rytina for there early contributions to this 1199 document and their thoughtful comments. 1201 8. References 1203 [1] Bradner, S., "The Internet Standards Process -- Revision 3", 1204 BCP 9, RFC 2026, October 1996. 1206 [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement 1207 Levels", BCP 14, RFC 2119, March 1997. 1209 [3] Kent, S. and R. Atkinson, "IP Authentication Header", RFC 2402, 1210 November 1998. 1212 [4] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA 1213 Considerations Section in RFCs", BCP 26, RFC 2434, October 1998. 1215 [5] Rose, M., "Writing I-Ds and RFCs using XML", RFC 2629, 1216 June 1999. 1218 [6] Stewart, R., Xie, Q., Morneault, K., Sharp, C., Schwarzbauer, 1219 H., Taylor, T., Rytina, I., Kalla, M., Zhang, L., and V. Paxson, 1220 "Stream Control Transmission Protocol", RFC 2960, October 2000. 1222 [7] Tuexen, M., Stewart, R., Lei, P., and E. Rescorla, 1223 "Authenticated Chunks for Stream Control Transmission Protocol 1224 (SCTP)", draft-tuexen-sctp-auth-chunk-03 (work in progress), 1225 February 2005. 1227 Authors' Addresses 1229 Randall R. Stewart 1230 Cisco Systems, Inc. 1231 4875 Forest Drive 1232 Suite 200 1233 Columbia, SC 29206 1234 USA 1236 Phone: 1237 Email: rrs@cisco.com 1239 Michael A. Ramalho 1240 Cisco Systems, Inc. 1241 1802 Rue de la Porte 1242 Wall Township, NJ 07719-3784 1243 USA 1245 Phone: +1.732.449.5762 1246 Email: mramalho@cisco.com 1248 Qiaobing Xie 1249 Motorola, Inc. 1250 1501 W. Shure Drive, #2309 1251 Arlington Heights, IL 60004 1252 USA 1254 Phone: +1-847-632-3028 1255 Email: qxie1@email.mot.com 1257 Michael Tuexen 1258 Univ. of Applied Sciences Muenster 1259 Stegerwaldstr. 39 1260 48565 Steinfurt 1261 Germany 1263 Email: tuexen@fh-muenster.de 1264 Phillip T. Conrad 1265 University of Delaware 1266 Department of Computer and Information Sciences 1267 Newark, DE 19716 1268 US 1270 Phone: +1 302 831 8622 1271 Email: conrad@acm.org 1272 URI: http://www.cis.udel.edu/~pconrad 1274 Appendix A. Abstract Address Handling 1276 A.1 General remarks 1278 The following text provides a working definition of the endpoint 1279 notion to discuss address reconfiguration. It is not intended to 1280 restrict implementations in any way, its goal is to provide as set of 1281 definitions only. Using these definitions should make a discussion 1282 about address issues easier. 1284 A.2 Generalized endpoints 1286 A generalized endpoint is a pair of a set of IP addresses and a port 1287 number at any given point of time. The precise definition is as 1288 follows: 1290 A generalized endpoint gE at time t is given by 1292 gE(t) = ({IP1, ..., IPn}, Port) 1294 where {IP1, ..., IPn} is a non empty set of IP addresses. 1296 Please note that the dynamic addition and deletion of IP-addresses 1297 described in this document allows the set of IP-addresses of a 1298 generalized endpoint to be changed at some point of time. The port 1299 number can never be changed. 1301 The set of IP addresses of a generalized endpoint gE at a time t is 1302 defined as 1304 Addr(gE)(t) = {IP1, ..., IPn} 1306 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1308 The port number of a generalized endpoint gE is defined as 1310 Port(gE) = Port 1312 if gE(t) = ({IP1, ..., IPn}, Port) holds at time t. 1314 There is one fundamental rule which restricts all generalized 1315 endpoints: 1317 For two different generalized endpoints gE' and gE'' with the same 1318 port number Port(gE') = Port(gE'') the address sets Addr(gE')(t) and 1319 Addr(gE'')(t) must be disjoint at every point of time. 1321 A.3 Associations 1323 Associations consists of two generalized endpoints and the two 1324 address sets known by the peer at any time. The precise definition 1325 is as follows: 1327 An association A between to different generalized endpoints gE' and 1328 gE'' is given by 1330 A = (gE', S', gE'', S'') 1332 where S'(t) and S''(t) are set of addresses at any time t such that 1333 S'(t) is a non-empty subset of Addr(gE')(t) and S''(t) is a non-empty 1334 subset of Addr(gE'')(t). 1336 If A = (gE', S', gE'', S'') is an association between the generalized 1337 endpoints gE' and gE'' the following notion is used: 1339 Addr(A, gE') = S' and Addr(A, gE'') = S''. 1341 If the dependency on time is important the notion Addr(A, gE')(t) = 1342 S'(t) will be used. 1344 If A is an association between gE' and gE'' then Addr(A, gE') is the 1345 subset of IP addresses of gE' which is known by gE'' and used by gE'. 1347 Association establishment between gE' and gE'' can be seen as: 1349 1. gE' and gE'' do exist before the association. 1351 2. If an INIT has to be send from gE' to gE'' address scoping rules 1352 and other limitations are applied to calculate the subset S' from 1353 Addr(gE'). The addresses of S' are included in the INIT chunk. 1355 3. If an INIT-ACK has to be send from gE'' to gE' address scoping 1356 rules and other limitations are applied to calculate the subset 1357 S'' from Addr(gE''). The addresses of S'' are included in the 1358 INIT-ACK chunk. 1360 4. After the handshake the association A = (gE', S', gE'', S'') has 1361 been established. 1363 5. Right after the association establishment Addr(A, gE') and 1364 Addr(A, gE'') are the addresses which have been seen on the wire 1365 during the handshake. 1367 A.4 Relationship with RFC 2960 1369 RFC2960 [6] defines the notion of an endpoint. This subsection will 1370 show that these endpoints are also (special) generalized endpoints. 1372 RFC2960 [6] has no notion of address scoping or other address 1373 handling limitations and provides no mechanism to change the 1374 addresses of an endpoint. 1376 This means that an endpoint is simply a generalized endpoint which 1377 does not depend on the time. Neither the Port nor the address list 1378 changes. 1380 During association setup no address scoping rules or other 1381 limitations will be applied. This means that for an association A 1382 between two endpoints gE' and gE'' the following is true: 1384 Addr(A, gE') = Addr(gE') and Addr(A, gE'') = Addr(gE''). 1386 A.5 Rules for address manipulation 1388 The rules for address manipulation can now be stated in a simple way: 1390 1. An address can be added to a generalized endpoint gE only if this 1391 address is not an address of a different generalized endpoint 1392 with the same port number. 1394 2. An address can be added to an association A with generalized 1395 endpoint gE if it has been added to the generalized endpoint gE 1396 first. This means that the address must be an element of 1397 Addr(gE) first and then it can become an element of Addr(A, gE). 1398 But this is not necessary. If the association does not allow the 1399 reconfiguration of the addresses only Addr(gE) can be modified. 1401 3. An address can be deleted from an association A with generalized 1402 endpoint gE as long as Addr(A, gE) stays non-empty. 1404 4. An address can be deleted from an generalized endpoint gE only if 1405 it has been removed from all associations having gE as a 1406 generalized endpoint. 1408 These rules simply make sure that the rules for the endpoints and 1409 associations given above are always fulfilled. 1411 Intellectual Property Statement 1413 The IETF takes no position regarding the validity or scope of any 1414 Intellectual Property Rights or other rights that might be claimed to 1415 pertain to the implementation or use of the technology described in 1416 this document or the extent to which any license under such rights 1417 might or might not be available; nor does it represent that it has 1418 made any independent effort to identify any such rights. Information 1419 on the procedures with respect to rights in RFC documents can be 1420 found in BCP 78 and BCP 79. 1422 Copies of IPR disclosures made to the IETF Secretariat and any 1423 assurances of licenses to be made available, or the result of an 1424 attempt made to obtain a general license or permission for the use of 1425 such proprietary rights by implementers or users of this 1426 specification can be obtained from the IETF on-line IPR repository at 1427 http://www.ietf.org/ipr. 1429 The IETF invites any interested party to bring to its attention any 1430 copyrights, patents or patent applications, or other proprietary 1431 rights that may cover technology that may be required to implement 1432 this standard. Please address the information to the IETF at 1433 ietf-ipr@ietf.org. 1435 Disclaimer of Validity 1437 This document and the information contained herein are provided on an 1438 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 1439 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 1440 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 1441 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 1442 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 1443 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 1445 Copyright Statement 1447 Copyright (C) The Internet Society (2005). This document is subject 1448 to the rights, licenses and restrictions contained in BCP 78, and 1449 except as set forth therein, the authors retain all their rights. 1451 Acknowledgment 1453 Funding for the RFC Editor function is currently provided by the 1454 Internet Society.